top of page

WAF.4

A WAF Regional web ACL should have at least one rule or rule group

Severity

Cloud Platforms

Resources

Related Standards

Automated

MEDIUM

AWS

Amazon Web Application Firewall

AWS Foundational Best Practice, CDR, SOC2, NIST.800-53.r5,

This control checks whether a WAF Regional web ACL contains any WAF rules or WAF rule groups. This control fails if a web ACL does not contain any WAF rules or rule groups.

bottom of page